Jason_Grubbs
Participant

Report / Log of Anti-Bot and Anti-Virus Updates

Hello CheckMates!

Our audit team is looking for a report that shows that our firewalls are checking for Anti-Virus and Anti-Bot updates AND that they were successfully installed.

I dug through the reports but didn't find any. I am attempting to dig through the logs, but haven't had much success.

If I go to Security Policies, Threat Prevention, Policy, Updates, I do see the status of the updates. There has to be a log somewhere with this information.

Surely someone has a way to verify that the updates are successful.

Maarten_Sjouw
Champion

We are running through similar requirements and my colleague is working on those checks with SNMP. When you enable the Check Point SNMP daemon, this information can be collected. We are using CheckMK and we now get warnings and alerts when the updates fail.

For IPS we are working in a similar way but need to run a small script to be able to collect the data; it cannot be done through SNMP as the update is not a local thing but a management server update, which is then pushed down to the gateway.

I do have a script that takes the Domain server name and the update number into a single file so I have an overview of all domains' status. See the discussion on that here: https://community.checkpoint.com/thread/8331-ips-update-check-per-domain-r7730

Regards, Maarten
Jason_Grubbs
Participant

Thanks Maarten!

Can you go into any specifics as to what you are monitoring and how the alerts are set up? We use Solarwinds. I don’t see much even though SNMP is set up correctly.

Maarten_Sjouw
Champion

Jason, I am sorry but I cannot help you here as I have no experience in setting up the alerts myself. But as I said already you do need to go into the gateways' cpconfig and turn on Check Point SNMP.

Then you should be able to use them with Solarwinds when you download the mib files you can find here: sk90470 Check Point SNMP MIB files

When you use mibwalk you should be able to find the right mib and set an alert for it.

Regards, Maarten